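Environment
Two machines, each with two NICs on the same subnet, are connected to the same layer-2 switch.
Machine A: ens38 00:0c:29:a4:8b:fb 10.0.0.11/24, ens39 00:0c:29:a4:8b:05 10.0.0.12/24
Machine B: ens38 00:0c:29:4f:a6:c4 10.0.0.21/24, ens39 00:0c:29:4f:a6:ce 10.0.0.22/24
Initial ARP table
Only entries for the management interface are present; there are none for the 10.0.0.0/24 subnet.
Machine A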
root@ubuntu22:~# arp -n
Address HWtype HWaddress Flags Mask Iface
172.0.1.13 ether 00:0c:29:c1:16:a8 C ens33
172.0.1.131 ether b4:56:b9:f0:02:a5 C ens33
172.0.1.32 ether 00:e0:97:1c:20:1a C ens33
172.0.1.1 ether 00:e0:97:1c:20:1a C ens33
Machine B
root@u22s:~# arp -n
Address HWtype HWaddress Flags Mask Iface
172.0.1.32 ether 00:e0:97:1c:20:1a C ens33
172.0.1.1 ether 00:e0:97:1c:20:1a C ens33
172.0.1.12 ether 00:0c:29:a4:8b:f1 C ens33
A ens38 10.0.0.11 ----> B 10.0.0.21
root@ubuntu22:~# ping -I ens38 10.0.0.21 -c 5 -w 5
PING 10.0.0.21 (10.0.0.21) from 10.0.0.11 ens38: 56(84) bytes of data.
64 bytes from 10.0.0.21: icmp_seq=1 ttl=64 time=0.447 ms
64 bytes from 10.0.0.21: icmp_seq=2 ttl=64 time=0.236 ms
64 bytes from 10.0.0.21: icmp_seq=3 ttl=64 time=0.223 ms
64 bytes from 10.0.0.21: icmp_seq=4 ttl=64 time=0.231 ms
64 bytes from 10.0.0.21: icmp_seq=5 ttl=64 time=0.377 ms
--- 10.0.0.21 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4097ms
rtt min/avg/max/mdev = 0.223/0.302/0.447/0.091 ms
Packet capture
ARP table entries
root@ubuntu22:~# arp -n
Address HWtype HWaddress Flags Mask Iface
172.0.1.32 ether 00:e0:97:1c:20:1a C ens33
10.0.0.22 ether 00:0c:29:4f:a6:ce C ens38
172.0.1.1 ether 00:e0:97:1c:20:1a C ens33
172.0.1.131 ether b4:56:b9:f0:02:a5 C ens33
10.0.0.21 ether 00:0c:29:4f:a6:ce C ens38
172.0.1.13 ether 00:0c:29:c1:16:a8 C ens33
172.0.1.25 ether 00:0c:29:4f:a6:ba C ens33
Data flow diagram
A ens38 10.0.0.11 --> B 10.0.0.22
root@ubuntu22:~# ping -I ens38 10.0.0.22 -c 5 -w 5
PING 10.0.0.22 (10.0.0.22) from 10.0.0.11 ens38: 56(84) bytes of data.
64 bytes from 10.0.0.22: icmp_seq=1 ttl=64 time=0.479 ms
64 bytes from 10.0.0.22: icmp_seq=2 ttl=64 time=0.317 ms
64 bytes from 10.0.0.22: icmp_seq=3 ttl=64 time=0.208 ms
64 bytes from 10.0.0.22: icmp_seq=4 ttl=64 time=0.976 ms
64 bytes from 10.0.0.22: icmp_seq=5 ttl=64 time=0.294 ms
--- 10.0.0.22 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4065ms
rtt min/avg/max/mdev = 0.208/0.454/0.976/0.274 ms
Packet capture
ARP table entries
root@ubuntu22:~# arp -n
Address HWtype HWaddress Flags Mask Iface
172.0.1.32 ether 00:e0:97:1c:20:1a C ens33
10.0.0.22 ether 00:0c:29:4f:a6:ce C ens38
172.0.1.1 ether 00:e0:97:1c:20:1a C ens33
172.0.1.131 ether b4:56:b9:f0:02:a5 C ens33
10.0.0.21 ether 00:0c:29:4f:a6:ce C ens38
172.0.1.13 ether 00:0c:29:c1:16:a8 C ens33
172.0.1.25 ether 00:0c:29:4f:a6:ba C ens33
Machine B's ARP table
root@u22s:~# arp -n
Address HWtype HWaddress Flags Mask Iface
172.0.1.32 ether 00:e0:97:1c:20:1a C ens33
172.0.1.1 ether 00:e0:97:1c:20:1a C ens33
10.0.0.11 ether 00:0c:29:a4:8b:fb C ens39
172.0.1.12 ether 00:0c:29:a4:8b:f1 C ens33
10.0.0.11 ether 00:0c:29:a4:8b:fb C ens38
Data flow diagram
A ens39 10.0.0.12 --> B 10.0.0.21
root@ubuntu22:~# ping -I ens39 10.0.0.21 -c 5 -w 5
PING 10.0.0.21 (10.0.0.21) from 10.0.0.12 ens39: 56(84) bytes of data.
64 bytes from 10.0.0.21: icmp_seq=1 ttl=64 time=0.415 ms
64 bytes from 10.0.0.21: icmp_seq=2 ttl=64 time=0.288 ms
64 bytes from 10.0.0.21: icmp_seq=3 ttl=64 time=0.202 ms
64 bytes from 10.0.0.21: icmp_seq=4 ttl=64 time=0.205 ms
64 bytes from 10.0.0.21: icmp_seq=5 ttl=64 time=0.195 ms
--- 10.0.0.21 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4079ms
rtt min/avg/max/mdev = 0.195/0.261/0.415/0.084 ms
Packet capture
ARP table
root@ubuntu22:~# arp -n
Address HWtype HWaddress Flags Mask Iface
172.0.1.32 ether 00:e0:97:1c:20:1a C ens33
10.0.0.22 ether 00:0c:29:4f:a6:ce C ens38
172.0.1.1 ether 00:e0:97:1c:20:1a C ens33
172.0.1.131 ether b4:56:b9:f0:02:a5 C ens33
10.0.0.21 ether 00:0c:29:4f:a6:ce C ens39
10.0.0.21 ether 00:0c:29:4f:a6:ce C ens38
172.0.1.13 ether 00:0c:29:c1:16:a8 C ens33
172.0.1.25 ether 00:0c:29:4f:a6:ba C ens33
10.0.0.22 ether 00:0c:29:4f:a6:ce C ens39
Data flow diagram
A ens39 10.0.0.12 --> B 10.0.0.22
root@ubuntu22:~# ping -I ens39 10.0.0.22 -c 5 -w 5
PING 10.0.0.22 (10.0.0.22) from 10.0.0.12 ens39: 56(84) bytes of data.
64 bytes from 10.0.0.22: icmp_seq=1 ttl=64 time=0.224 ms
64 bytes from 10.0.0.22: icmp_seq=2 ttl=64 time=0.233 ms
64 bytes from 10.0.0.22: icmp_seq=3 ttl=64 time=0.330 ms
64 bytes from 10.0.0.22: icmp_seq=4 ttl=64 time=0.279 ms
64 bytes from 10.0.0.22: icmp_seq=5 ttl=64 time=0.230 ms
--- 10.0.0.22 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4100ms
rtt min/avg/max/mdev = 0.224/0.259/0.330/0.040 ms
Packet capture
ARP table entries
root@ubuntu22:~# arp -n
Address HWtype HWaddress Flags Mask Iface
172.0.1.32 ether 00:e0:97:1c:20:1a C ens33
10.0.0.22 ether 00:0c:29:4f:a6:ce C ens38
172.0.1.1 ether 00:e0:97:1c:20:1a C ens33
172.0.1.131 ether b4:56:b9:f0:02:a5 C ens33
10.0.0.21 ether 00:0c:29:4f:a6:ce C ens39
10.0.0.21 ether 00:0c:29:4f:a6:ce C ens38
172.0.1.13 ether 00:0c:29:c1:16:a8 C ens33
172.0.1.25 ether 00:0c:29:4f:a6:ba C ens33
10.0.0.22 ether 00:0c:29:4f:a6:ce C ens39
Machine B ARP table entries
root@u22s:~# arp -n
Address HWtype HWaddress Flags Mask Iface
10.0.0.11 ether 00:0c:29:a4:8b:fb C ens38
172.0.1.32 ether 00:e0:97:1c:20:1a C ens33
10.0.0.12 ether 00:0c:29:a4:8b:05 C ens39
10.0.0.11 ether 00:0c:29:a4:8b:fb C ens39
172.0.1.12 ether 00:0c:29:a4:8b:f1 C ens33
172.0.1.1 ether 00:e0:97:1c:20:1a C ens33
10.0.0.12 ether 00:0c:29:a4:8b:05 C ens38
Data flow diagram
Machine B pings Machine A
root@u22s:~# ping -I ens39 10.0.0.12 -c 3
PING 10.0.0.12 (10.0.0.12) from 10.0.0.22 ens39: 56(84) bytes of data.
64 bytes from 10.0.0.12: icmp_seq=1 ttl=64 time=0.199 ms
64 bytes from 10.0.0.12: icmp_seq=2 ttl=64 time=0.233 ms
64 bytes from 10.0.0.12: icmp_seq=3 ttl=64 time=0.244 ms
--- 10.0.0.12 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2052ms
rtt min/avg/max/mdev = 0.199/0.225/0.244/0.019 ms
root@u22s:~# ping -I ens39 10.0.0.11 -c 3
PING 10.0.0.11 (10.0.0.11) from 10.0.0.22 ens39: 56(84) bytes of data.
64 bytes from 10.0.0.11: icmp_seq=1 ttl=64 time=0.192 ms
64 bytes from 10.0.0.11: icmp_seq=2 ttl=64 time=0.228 ms
64 bytes from 10.0.0.11: icmp_seq=3 ttl=64 time=0.292 ms
--- 10.0.0.11 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2042ms
rtt min/avg/max/mdev = 0.192/0.237/0.292/0.041 ms
root@u22s:~# ^C
root@u22s:~#
root@u22s:~# ping -I ens38 10.0.0.12 -c 3
PING 10.0.0.12 (10.0.0.12) from 10.0.0.21 ens38: 56(84) bytes of data.
64 bytes from 10.0.0.12: icmp_seq=1 ttl=64 time=0.192 ms
64 bytes from 10.0.0.12: icmp_seq=2 ttl=64 time=0.201 ms
64 bytes from 10.0.0.12: icmp_seq=3 ttl=64 time=0.930 ms
--- 10.0.0.12 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2020ms
rtt min/avg/max/mdev = 0.192/0.441/0.930/0.345 ms
root@u22s:~# ping -I ens38 10.0.0.11 -c 3
PING 10.0.0.11 (10.0.0.11) from 10.0.0.21 ens38: 56(84) bytes of data.
64 bytes from 10.0.0.11: icmp_seq=1 ttl=64 time=0.195 ms
64 bytes from 10.0.0.11: icmp_seq=2 ttl=64 time=0.632 ms
64 bytes from 10.0.0.11: icmp_seq=3 ttl=64 time=0.251 ms
ens39 10.0.0.22 --> 10.0.0.12
ens39 10.0.0.22 --> 10.0.0.11
ens38 10.0.0.21 --> 10.0.0.12
ens38 10.0.0.21 --> 10.0.0.11
Data flow diagram
ARP table
root@u22s:~# arp -n
Address HWtype HWaddress Flags Mask Iface
10.0.0.11 ether 00:0c:29:a4:8b:fb C ens38
172.0.1.32 ether 00:e0:97:1c:20:1a C ens33
10.0.0.12 ether 00:0c:29:a4:8b:05 C ens39
10.0.0.11 ether 00:0c:29:a4:8b:fb C ens39
172.0.1.12 ether 00:0c:29:a4:8b:f1 C ens33
172.0.1.1 ether 00:e0:97:1c:20:1a C ens33
10.0.0.12 ether 00:0c:29:a4:8b:05 C ens38
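Analysis of the behaviour
When Node A pings Node B, all packets enter Node B through ens39, regardless of whether the destination IP belongs to B.ens38 or B.ens39.
Judging from the ARP packets, replies for 10.0.0.21 arrive carrying both the ens38 MAC and the ens39 MAC, but the reply with the ens39 MAC is received first, so in the ARP table both 10.0.0.21 and 10.0.0.22 map to the ens39 MAC 00:0c:29:4f:a6:ce.
When Node B pings Node A, packets enter through the interface that owns the destination IP, the IP-to-MAC mappings in the ARP table are correct, and the ARP replies seen in the capture carry the MAC of the corresponding interface.
Summary
When two hosts each have multiple NICs connected at layer 2 and configured with addresses in the same subnet, the IP-to-MAC mapping is non-deterministic and depends on the order in which ARP replies arrive. With multiple hosts and multiple NICs connected this way, specifying source and destination IPs is probably not enough to get traffic from a chosen interface to a chosen interface.
A host may answer an ARP request from a single interface or from every interface; which kernel settings cause this difference in behaviour is not yet clear.
Solution
Set the rules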
# Disable proxy ARP
sudo sysctl -w net.ipv4.conf.all.proxy_arp=0
sudo sysctl -w net.ipv4.conf.default.proxy_arp=0
# Set the ARP filtering rules
sudo sysctl -w net.ipv4.conf.all.arp_ignore=1
sudo sysctl -w net.ipv4.conf.all.arp_announce=2
sudo sysctl -w net.ipv4.conf.default.arp_ignore=1
sudo sysctl -w net.ipv4.conf.default.arp_announce=2
# For each specific interface
sudo sysctl -w net.ipv4.conf.ens38.arp_ignore=1
sudo sysctl -w net.ipv4.conf.ens38.arp_announce=2
sudo sysctl -w net.ipv4.conf.ens39.arp_ignore=1
sudo sysctl -w net.ipv4.conf.ens39.arp_announce=2
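- arp_ignore
  - Value 0: respond to all requests.
  - Value 1: respond only to requests whose target IP address is a local address on the interface; do not respond to requests for non-local addresses.
- arp_announce
  - Value 0: default behaviour; use the most suitable local address for ARP replies.
  - Value 1: use only the best address for the target network for ARP replies.
  - Value 2: use only an address on the sending interface for ARP replies.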
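The behaviour described in the analysis and the effect of the arp_ignore setting above can be reproduced with a small model. This is an added example, not code from the original post: the names Iface, effective_arp_ignore, arp_replies and candidate_macs are hypothetical, the model covers arp_ignore values 0 and 1 only, and it assumes both of Machine B's NICs receive every broadcast ARP request because they share one layer-2 segment.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Iface:
    name: str
    mac: str
    ip: str

# Machine B's two 10.0.0.0/24 interfaces, copied from the environment section.
MACHINE_B = (
    Iface("ens38", "00:0c:29:4f:a6:c4", "10.0.0.21"),
    Iface("ens39", "00:0c:29:4f:a6:ce", "10.0.0.22"),
)

def effective_arp_ignore(conf, iface_name):
    """The kernel applies max(conf.all, conf.<iface>) on the receiving interface."""
    return max(conf.get("all", 0), conf.get(iface_name, 0))

def arp_replies(ifaces, target_ip, conf):
    """Return (iface, mac) for each interface that answers a broadcast
    who-has for target_ip."""
    local_ips = {i.ip for i in ifaces}
    replies = []
    for rx in ifaces:
        mode = effective_arp_ignore(conf, rx.name)
        if mode == 0:
            answers = target_ip in local_ips   # any local address, any interface
        elif mode == 1:
            answers = target_ip == rx.ip       # only an address on the receiving interface
        else:
            raise ValueError("this model covers arp_ignore 0 and 1 only")
        if answers:
            # The reply leaves through the receiving interface and carries its MAC.
            replies.append((rx.name, rx.mac))
    return replies

def candidate_macs(ifaces, target_ip, conf):
    """MACs the requester may cache for target_ip; more than one means the
    mapping depends on which reply arrives first."""
    return sorted({mac for _, mac in arp_replies(ifaces, target_ip, conf)})

if __name__ == "__main__":
    for label, conf in [("default", {"all": 0}),
                        ("only ens38 set", {"all": 0, "ens38": 1}),
                        ("all interfaces set", {"all": 1, "ens38": 1, "ens39": 1})]:
        for ip in ("10.0.0.21", "10.0.0.22"):
            print(label, ip, candidate_macs(MACHINE_B, ip, conf))
```

With the default value, 10.0.0.21 has two candidate MACs, which matches the two ARP replies seen in the capture. Setting arp_ignore=1 on ens38 alone still leaves ens39 answering for 10.0.0.21, so the setting has to cover every interface on the shared segment.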
Packet capture
No extra ARP replies
ARP table
root@ubuntu22:~# arp -n
Address HWtype HWaddress Flags Mask Iface
10.0.0.22 ether 00:0c:29:4f:a6:ce C ens38
172.0.1.131 ether b4:56:b9:f0:02:a5 C ens33
172.0.1.32 ether 00:e0:97:1c:20:1a C ens33
172.0.1.1 ether 00:e0:97:1c:20:1a C ens33
10.0.0.21 ether 00:0c:29:4f:a6:c4 C ens38
172.0.1.13 ether 00:0c:29:c1:16:a8 C ens33
10.0.0.22 ether 00:0c:29:4f:a6:ce C ens39
The IP-to-MAC mapping is now correct.
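The same before-and-after comparison can be automated by auditing `arp -n` output against the known address plan. This is an added example, not part of the original post: parse_arp_n and audit are hypothetical names, the inventory is copied from the environment section, and the two sample tables are the 10.0.0.x rows of Machine A's ARP tables shown earlier and above.

```python
# Expected IP -> MAC inventory, copied from the environment section.
EXPECTED = {
    "10.0.0.11": "00:0c:29:a4:8b:fb",
    "10.0.0.12": "00:0c:29:a4:8b:05",
    "10.0.0.21": "00:0c:29:4f:a6:c4",
    "10.0.0.22": "00:0c:29:4f:a6:ce",
}

# 10.0.0.x rows of Machine A's `arp -n` output before the sysctl change.
BEFORE_FIX = """\
Address HWtype HWaddress Flags Mask Iface
10.0.0.22 ether 00:0c:29:4f:a6:ce C ens38
10.0.0.21 ether 00:0c:29:4f:a6:ce C ens39
10.0.0.21 ether 00:0c:29:4f:a6:ce C ens38
10.0.0.22 ether 00:0c:29:4f:a6:ce C ens39
"""

# 10.0.0.x rows of Machine A's `arp -n` output after the sysctl change.
AFTER_FIX = """\
Address HWtype HWaddress Flags Mask Iface
10.0.0.22 ether 00:0c:29:4f:a6:ce C ens38
10.0.0.21 ether 00:0c:29:4f:a6:c4 C ens38
10.0.0.22 ether 00:0c:29:4f:a6:ce C ens39
"""

def parse_arp_n(text):
    """Yield (ip, mac, iface) for resolved Ethernet entries; the header line
    and '(incomplete)' rows are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[1] == "ether":
            yield fields[0], fields[2].lower(), fields[-1]

def audit(text, expected=EXPECTED):
    """Return (ip, iface, seen_mac, expected_mac, owner_ip) for every entry
    whose MAC differs from the inventory. owner_ip is the inventory address
    that owns seen_mac, or None when the MAC is not in the inventory."""
    owner = {mac: ip for ip, mac in expected.items()}
    return [(ip, iface, mac, expected[ip], owner.get(mac))
            for ip, mac, iface in parse_arp_n(text)
            if ip in expected and mac != expected[ip]]

if __name__ == "__main__":
    for name, table in (("before", BEFORE_FIX), ("after", AFTER_FIX)):
        print(name, audit(table))
```

A mismatch whose owner_ip is another address in the inventory points to the multi-NIC ARP behaviour analysed on this page; a mismatch with owner_ip of None is a MAC outside the address plan and needs separate investigation.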